The letter will be delivered in time for a hearing of the House Judiciary Committee, which will meet Wednesday to discuss the crimes associated with cybersecurity threats like IP theft and computer hacking. The letter, which includes groups that range from the Internet Infrastructure Coalition to O'Reilly Media, provides a voice to innovators and entrepreneurs who have seen the CFAA used as a deterrent to innovation.

The letter acknowledges the need to criminalize malicious hacking, but noted that the current law goes far beyond that:

[D]eterring digital criminals can be done without criminalizing harmless contractual breaches and imposing felony liability on developers of innovative technologies. In the nearly three decades since the CFAA’s enactment, the law has lost its way.

In the hearing, members will likely discuss the CFAA. One witness, Professor Orin Kerr, has pushed to reform the CFAA for quite some time. Kerr will be a contrast to the Business Software Alliance, which is in favor of proposals introduced last year by President Obama. Those proposals attempted—and thankfully failed—to increase some of the penalties in the CFAA by 10 years. Every year a hearing like this takes place and every year Congress proposes, but never passes, more penalties for computer crimes.

This year is different. It's time to fight back. The CFAA allowed prosecutors to charge Aaron with over 35 years in prison and $1 million in fines. Originally designed to protect government computers, it now covers almost any computer, and criminalizes an access to a computer without authorization that merely “obtains information.” One of its many problems is that it doesn't define "without authorization," and has been subject to aggressive interpretations. Companies and the government have used the vagueness to stifle innovation and overzealously prosecute violations of terms of service as crimes.

The House Judiciary Committee should hold a markup exclusively on Aaron's Law in order to present it to the House floor for a vote. Users from across the spectrum have rallied around Aaron's death to push to change the law. And the courts are already moving in the right direction—both the Fourth Circuit and Ninth Circuit have ruled against the criminalization of a terms of service violation.

The committee's members are also calling for much-needed change. Zoe Lofgren has proposed (PDF) Aaron's Law, which makes sure the Fourth and Ninth Circuit rulings are reflected in the law. EFF has also proposed revisions, which aim to protect innovation and decrease the penalties found in the law. Professor Kerr has also introduced his own proposals.

Please join the fight by adding your company’s name to the letter calling for CFAA reform. Please email Mark.

It's time for House Judiciary Committee to listen to users, the courts, its members, and even its own witness. Let's reform this law so that it can no longer be used against people like Aaron. Please go here to tell your representative to support reform.

Related Updates

When McMansion Hell blogger Kate Wagner received Zillow’s letter last month demanding that she take down her architecture parody blog, she was scared. So scared that she temporarily disabled access to her blog via McMansionHell.com until she could find an attorney. We’re happy she found us at EFF...

Update 5:00pm: Zillow has released a statement saying the company has "decided against moving forward with legal action." EFF is pleased that Zillow has withdrawn its threat and won't be seeking to take down any of the posts on McMansion Hell. We hope that other companies seeking to shut...

Washington, D.C.—The Electronic Frontier Foundation (EFF) urged the U.S. Supreme Court to review a ruling that threatens to transform a law against computer break-ins into a mechanism for criminalizing password sharing and policing Internet use. In an amicus brief filed with today, EFF urged the court to weigh...

On January 18, 2012, the Internet went dark. Hundreds of websites went black in protest of the Stop Online Piracy Act (SOPA) and the PROTECT IP Act (PIPA). The bills would have created a “blacklist” of censored websites based on accusations of copyright infringement. SOPA was en route to quietly...

Attorney General nominee Sen. Jeff Sessions is testifying in front of the Senate Judiciary Committee today as part of his confirmation process. EFF has voiced concerns about President-elect Donald Trump’s nomination of Sessions to lead the Justice Department, citing past statements he has made and votes he has cast on...

Laws enacted out of fear, not facts, are a recipe for disaster. That’s what happened with the Computer Fraud and Abuse Act (CFAA)—the federal statute that makes it illegal to break into computer systems to access or alter information. The law’s notoriously vague language has confused courts, chilled...

This weekend you have the chance to add to Aaron Swartz’s legacy by boosting tools for whistleblowers. The 2016 Aaron Swartz International Hackathon—held in honor of the late Internet and political activist—will take place during the day Saturday and Sunday at the Internet Archive in San Francisco. The hackathon...

The Internet has been on fire in recent months over two court decisions that threaten to criminalize password sharing. The law at the heart of the cases is the Computer Fraud and Abuse Act (CFAA), a 1986 statute meant to outlaw computer break-ins. Congress passed the CFAA after...

Should prosecutors have the ability to take advantage of unclear laws to bring charges for behavior far beyond the problem Congress was trying to address? We don’t think so. When not carefully limited, criminal laws give prosecutors too much power to go after innocent individuals for innocuous behavior, like ...

How the CFAA, which was originally intended to target criminals for havoc-wreaking computer break-ins and data theft, came to be used to convict people for using someone else's password is a study in prosecutorial overreach and shows how the law has failed to keep up with technology. Congress needs to...